SSH tunnel and intranet penetration

Language 2023-06-05 13:54:39 views: null

SSH parameter explanation

  • -L port:host:hostPort
    • Explanation : Forward a certain port of the local machine to the specified port of the remote specified machine
    • Principle : The local machine allocates a socket listening port. Once there is a connection on the port, the connection will be forwarded through the secure channel, and the remote host will establish a connection with the hostPort port of the host. Port forwarding can be specified in the configuration file. Only root can forward privileged ports.
  • -R port:host:hostPort
    • Explanation : Forward a port of the remote host to a specified port of the specified machine on the local side. Reverse Tunnel Proxy
    • Principle : A socket listening port is allocated on the remote host. Once there is a connection on this port, the connection will be forwarded through the secure channel, and at the same time, the local host will establish a connection with the hostPort port of the host. Port forwarding can be specified in the configuration file. Only root can forward privileged ports

  • -D port

    • Explanation : Specify a dynamic application port forwarding for the local machine. dynamic proxy
    • Principle : Allocate a socket listening port on the local machine. Once there is a connection on this port, the connection will be forwarded through the secure channel. According to the protocol of the application program, it can be determined where the remote host will connect. Port forwarding can be specified in the configuration file. Only root can forward privileged ports

  • -N

    • Explanation : Do not execute the remote login command, it is used to forward the port. If the port forwarding command does not carry -N, it will directly log in to the remote machine

  • -f

    • Explanation : Ask the ssh command to execute the command in the background.

  • -g

    • Explanation : Allow remote hosts to connect to locally forwarded ports

local forwarding

function explanation

Execute the ssh command on server A to log in to server B to enable the ssh tunnel to achieve the purpose of actually accessing the target port of server B by accessing the forwarding port of server A.
Replaced by Image Uploder

scenes to be used

For various network or security reasons, the client service directly accesses the port of server B, so as long as server A can access the ssh port of server B, the client can access the forwarding port of server A indirectly by establishing an ssh tunnel Access to the specified port of the B server

Command example (the following commands are all executed on host A)

The ssh tunnel is enabled after SSH login, but only listens to the 127.0.0.1 address of host A, and the tunnel is disconnected after exiting ssh login

ssh -LA forwarding port: B host IP: B destination port root@B host

Do not log in to host B after the SSH command, only enable the ssh tunnel, and only listen to the 127.0.0.1 address of host A, and the tunnel is disconnected after closing the terminal of host A

ssh -N -L A转发port:B主机IP:B目的端口 root@B主机

Do not log in to host B after the SSH command, only enable the ssh tunnel, only listen to the 127.0.0.1 address of host A, and the tunnel will not be disconnected after closing the terminal of host A

ssh -f -N -L A转发port:B主机IP:B目的端口 root@B主机

Specify the network card bound to the ssh tunnel forwarding port in host A

ssh -f -N -L A主机IP:A转发port:B主机IP:B目的端口 root@B主机

Bind the forwarding port to all network cards of host A

ssh -g -f -N -L A转发port:B主机:B目的端口 root@B主机

remote forwarding

function explanation

Remote forwarding is to execute the ssh command on the B server to log in to the A server to enable the SSH tunnel, so as to achieve the purpose of actually accessing the target port of the B server by accessing the forwarding port of the A server. The difference between it and local forwarding lies in the target server port on which server the ssh command is used to establish a tunnel to access.
Replaced by Image Uploder

scenes to be used

The usage scenarios of remote forwarding are extensive and practical.

If we run a tomcat service on our home computer and want to provide access to the Internet, since home computers generally access the Internet through routers (that is, in the nat network), we need to perform port mapping on the home router to achieve this.

What if we are a public router without permission? Or what should we do if we do not have authority in a company with strict authority control?

Coincidentally, we still have a host with a public IP (such as Alibaba Cloud host, etc.), our home computer can access the Internet (that is, we can SSH to access the host with a public IP), directly use SSH tunnel can solve the above problems.

Command example (the following commands are all executed on host B)

Do not log in to host A after the SSH command, only enable the ssh tunnel, only listen to the 127.0.0.1 address of host A, and the tunnel will not be disconnected after closing the terminal of host B

ssh -f -N -R A主机转发端口:B主机IP:B目的端口 root@A主机

Seeing this, you will definitely think of the following two instructions to bind to a non-lookback address:

ssh -f -N -R A主机IP:A主机转发端口:B主机IP:B目的端口 root@A主机

ssh -g -f -N -R A主机转发端口:B主机IP:B目的端口 root@A主机

Bind remote forwarding to network card

After we try to establish a remote forwarding tunnel above, we only listen to the 127.0.0.1 address, because there is such a configuration in the configuration file /etc/ssh/sshd_config of the SSH service

Note: There is no config configuration file in the user/.ssh/ folder under Windows, you can manually create a config file to implement the corresponding configuration
GatewayPorts Whether to allow remote hosts to connect to local forwarding ports, the default value is no.

After configuring this item as yes and restarting the SSH service, execute the command again

ssh -f -N -R A主机转发端口:B主机IP:B目的端口 root@A主机

At this time, the forwarding port for remote forwarding will be set on all network cards of host A, that is,0.0.0.0

Of course, in addition to this method, we can also use other technical means to allow other hosts to access the forwarding port of host A's 127.0.0.1 address, for example, use other programs on host A to reverse proxy the forwarding port of 127.0.0.1 (nginx reverse acting)

dynamic forwarding

function explanation

Dynamic forwarding is to forward the data through the tunnel to the destination address network by configuring a local port.

As shown in the figure below, unlike local forwarding and remote forwarding, the forwarding port and the target port are one-to-one in dynamic forwarding. The corresponding target of the forwarding port in dynamic forwarding is the entire network where the target host is located. However, when using dynamic forwarding to access the network where the target host is located, the application itself needs to support proxy configuration or use socket proxy tools.

scenes to be used

Also as shown in the figure above, if there is a firewall between subnet 1 and subnet 2, host A can only access the ssh port of host B. At this time, if host A or an external client wants to access subnet 2 For any port of any IP address, dynamic forwarding tunnels can be used.

Command example (the following commands are all executed on host A)

Do not log in to host B after the SSH command, only enable the ssh tunnel, only listen to the 127.0.0.1 address of host A, and the tunnel will not be disconnected after closing the terminal of host A

ssh -f -N -D A主机转发端口 root@A主机

Do not log in to host B after the SSH command, only enable the ssh tunnel, monitor the IP address of the network card specified by host A, and the tunnel will not be disconnected after closing the terminal of host A

ssh -f -N -D A主机IP地址:A主机转发端口 root@A主机

Client agent configuration

After the dynamic proxy tunnel is created, we need to set it through the proxy client before using the tunnel. If the application supports configuration, configure it directly. If it is an application that does not support proxy configuration, you need to use a socket proxy tool to work with it. Commonly used client proxy tools areproxifier

Establish a stable proxy tunnel

Usually, in order to ensure security, we ssh will automatically disconnect when we have not used it for a period of time, which is very inconvenient. Therefore, we need some means to ensure that our ssh tunnel is more stable and will not be disconnected halfway

Putty

Putty is software for establishing connections to Telnet, SSH, rlogin, plain TCP, and serial interfaces. In the early days, it only supported the windows platform, and recently it gradually began to support other platforms

We can establish a stable connection by using putty to create an ssh proxy tunnel

Autossh

Autossh is a tool for establishing a stable ssh proxy tunnel under the linux platform

This article refers to "Detailed Explanation of SSH Tunnel and Using AutoSSH to Achieve Stable Intranet Penetration"

Guess you like

Origin blog.csdn.net/a914541185/article/details/124434169
Recommended
Ranking
[Algorithm] greedy _ program scheduling issues
Spring 控制反转(IOC)
Data structure-6.6 figure
Indicates that the class or member method has abstract properties
Huawei v5 server installed Linux operating system
Postgresql source code analysis - creating ordinary tables
Chapter 10 Evaluation Classification Results
Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages
Java Exercise 17.1
Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.
Daily
More
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)

Code World

© 2018 codetd.com